From 70f9089fcfb857da0864ec0701f2a886b5e1dbff Mon Sep 17 00:00:00 2001 From: Alexander Sulfrian Date: Sun, 30 May 2010 16:59:08 +0200 Subject: fix bug allowing every one to delete the paste with the mysql storage back end on every call the delete token was regenerated so, that every one could delete the paste --- paste/include/storage/MysqlStorage.php | 6 +++--- paste/include/storage/StorageEngine.php | 10 ++++++++-- 2 files changed, 11 insertions(+), 5 deletions(-) (limited to 'paste/include') diff --git a/paste/include/storage/MysqlStorage.php b/paste/include/storage/MysqlStorage.php index 8e16536..fe28007 100644 --- a/paste/include/storage/MysqlStorage.php +++ b/paste/include/storage/MysqlStorage.php @@ -114,7 +114,7 @@ INDEX (nick) global $config; if ($stmt = $this->mysql->prepare( - 'SELECT nick, language, content, description, time FROM ' . $this->table . ' + 'SELECT nick, language, content, description, time, remote FROM ' . $this->table . ' WHERE pid = ? LIMIT 1')) { $stmt->bind_param('s', $pid); @@ -126,7 +126,7 @@ INDEX (nick) $this->mysql->error); } - $stmt->bind_result($nick, $lang, $content, $description, $time); + $stmt->bind_result($nick, $lang, $content, $description, $time, $remote); if (!$stmt->fetch()) { header('HTTP/1.0 404 Not Found'); @@ -139,7 +139,7 @@ INDEX (nick) if (isset($config['short_results_path'])) $get_url = $config['short_results_path'] . $pid . '.html'; - $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid); + $remove_url = $config['site_domain'] . $config['site_path'] . 'remove.php?p=' . $pid . '&t=' . $this->generateToken($pid, $remote); echo PastifyText($content, $lang, $description, $get_url, $remove_url); } } diff --git a/paste/include/storage/StorageEngine.php b/paste/include/storage/StorageEngine.php index db6e34b..09e1676 100644 --- a/paste/include/storage/StorageEngine.php +++ b/paste/include/storage/StorageEngine.php @@ -38,11 +38,17 @@ abstract class StorageEngine abstract public function getContent($pid); abstract public function delContent($pid); - public function generateToken($name) + public function generateToken($name, $remote = '') { global $config; - $ipAddr = $_SERVER["REMOTE_ADDR"]; + if (! empty($remote)) { + $ipAddr = $remote; + } + else { + $ipAddr = $_SERVER["REMOTE_ADDR"]; + } + return sha1($name . $ipAddr . $config['token_salt']); } } -- cgit v1.2.3